tls: add disable_stateful_session_resumption option (#29639)

Signed-off-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> Mirrored from https://github.com/envoyproxy/envoy @ 62c9de74ae1e241cba0ed2202e09e055ea74eaf4
1 year ago · c6cfe83d60
parent 678fd2e507
commit c6cfe83d60
1 changed files with 5 additions and 1 deletions
--- a/envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ b/envoy/extensions/transport_sockets/tls/v3/tls.proto
@ -63,7 +63,7 @@ message UpstreamTlsContext {
  google.protobuf.BoolValue enforce_rsa_key_usage = 5;
 }

-// [#next-free-field: 10]
+// [#next-free-field: 11]
 message DownstreamTlsContext {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.api.v2.auth.DownstreamTlsContext";
@ -119,6 +119,10 @@ message DownstreamTlsContext {
    bool disable_stateless_session_resumption = 7;
  }

+  // If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
+  // relevant only for TLSv1.2 and earlier.)
+  bool disable_stateful_session_resumption = 10;
+
  // If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
  // Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
  // Only seconds can be specified (fractional seconds are ignored).